Platform: php
Component: emlog
Fixed in: 2.6.3
CVE-2026-34607 represents a Remote Code Execution (RCE) vulnerability affecting Emlog CMS versions from 1.0.0 up to and including 2.6.2. This flaw stems from insufficient sanitization of ZIP archive entries during file extraction, allowing attackers to write arbitrary files to the server's filesystem. Successful exploitation can lead to complete system compromise, and a patch is available in version 2.6.3.
The primary impact of CVE-2026-34607 is the potential for complete server compromise. An attacker, posing as an authenticated administrator, can upload a specially crafted ZIP file containing entries with directory traversal sequences (e.g., ../../). This allows them to write arbitrary files to the server's filesystem, effectively bypassing access controls. The most common payload would be a PHP webshell, granting the attacker persistent remote access and control over the web server. This could lead to data theft, modification, or deletion, as well as the deployment of further malicious software. The blast radius extends to any data stored on the server and potentially to other systems accessible from the compromised server.
CVE-2026-34607 was publicly disclosed on 2026-04-03. As of this date, there are no publicly available exploits or active campaigns targeting this vulnerability. The vulnerability is not currently listed on CISA KEV. The vulnerability's ease of exploitation, combined with the potential for significant impact, warrants careful attention and prompt remediation.
Emlog CMS installations, particularly those running versions 1.0.0 through 2.6.2, are at risk. Shared hosting environments that utilize Emlog CMS are especially vulnerable, as they often have limited control over server configurations and security settings. Administrators who have not implemented robust file upload validation or access controls are also at increased risk.
• linux / server:
find /var/www/emlog -type f -name '*.php' -exec grep -iF 'emUnZip(' {} +
• generic web:
curl -I 'http://your-emlog-site.com/wp-admin/admin-ajax.php?action=upload_plugin&file=../../../../../../etc/passwd' | grep 'Content-Type:'
• php:
Get-ChildItem -Path "C:\xampp\htdocs\emlog\include\lib" -Recurse -Filter "common.php"
EPSS: 0.37% (59th percentile)
The recommended mitigation for CVE-2026-34607 is to immediately upgrade Emlog CMS to version 2.6.3 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict file uploads to only trusted sources and implement strict file type validation. Configure a Web Application Firewall (WAF) to block uploads of ZIP files with suspicious filenames containing directory traversal sequences (e.g., ..). Monitor file system activity for unexpected file creations or modifications, particularly in sensitive directories. Review and strengthen authentication mechanisms to prevent unauthorized administrator access. After upgrading, verify the fix by attempting to upload a test ZIP file with a malicious path traversal entry; the upload should be rejected.
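The pre-upload filtering workaround described above, as an added example (not Emlog's code and not the 2.6.3 patch): a Python audit that lists ZIP entries whose names would resolve outside the extraction directory. The root `/srv/extract` is a hypothetical path and the sample archive is constructed for illustration.

```python
import io
import posixpath
import re
import zipfile

ROOT = "/srv/extract"               # hypothetical extraction directory
DRIVE = re.compile(r"^[A-Za-z]:")   # Windows drive prefix, e.g. C:


def escapes_root(entry_name, root=ROOT):
    """True if a ZIP entry name would resolve outside root when joined to it."""
    name = entry_name.replace("\\", "/")   # treat both separators alike
    if name.startswith("/") or DRIVE.match(name):
        return True                        # absolute paths ignore the root
    root = posixpath.normpath(root)
    resolved = posixpath.normpath(posixpath.join(root, name))
    # Compare against root + "/" so a sibling like /srv/extract-x is not accepted.
    return not (resolved == root or resolved.startswith(root + "/"))


def audit_zip(data, root=ROOT):
    """Return the entry names in the archive bytes that fail the containment check."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if escapes_root(n, root)]


def build_sample():
    """Constructed archive: two contained entries, three that escape the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plugin/plugin.txt", "contained")
        zf.writestr("plugin/docs/../readme.txt", "contained after normalising")
        zf.writestr("../../marker.txt", "dot-dot traversal")
        zf.writestr("..\\..\\marker2.txt", "backslash traversal")
        zf.writestr("/tmp/marker3.txt", "absolute path")
    return buf.getvalue()


if __name__ == "__main__":
    for name in audit_zip(build_sample()):
        print("REJECT:", name)
```

The check is lexical only; it does not cover symlink entries inside an archive, which need a separate test at extraction time.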
Upgrade Emlog to version 2.6.3 or later to mitigate the path traversal vulnerability. This update fixes the missing sanitization of ZIP entry names, preventing arbitrary files from being written to the server's filesystem.
CVE-2026-34607 is a Remote Code Execution vulnerability in Emlog CMS versions 1.0.0 through 2.6.2. It allows an authenticated admin to upload crafted ZIP files to execute arbitrary code on the server.
You are affected if you are running Emlog CMS versions 1.0.0 to 2.6.2. Upgrade to version 2.6.3 or later to mitigate the risk.
The recommended fix is to upgrade Emlog CMS to version 2.6.3 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file uploads and configuring a WAF.
While no public exploits are currently available, the vulnerability's nature makes it a likely target for exploitation. Monitor your systems closely.
Refer to the official Emlog security advisory for details and updates: [https://www.emlog.org/security/](https://www.emlog.org/security/)